from authlib.integrations.flask_client import OAuth
from flask import Flask, jsonify, redirect, url_for, request

import requests

import secrets
import os

from configparser import ConfigParser
from pathlib import Path

config = ConfigParser()
config.read(Path(__file__).parent / "settings.ini")

app = Flask(__name__)

# Set a secret key for the Flask app
# This is used to encrypt the session cookie
# As we don't need to store any session data, we use a random string

app.secret_key = secrets.token_hex(32)

plesk_url = config["PLESK"].get(
    "Domain", fallback=os.environ.get("PLESK_DOMAIN"))

# Configure Authlib with OIDC provider details
# Will use environment variables if values are not set in config

oauth = OAuth(app)

client_id = config["OIDC"].get(
    "ClientID", fallback=os.environ.get("OIDC_CLIENT_ID"))
client_secret = config["OIDC"].get(
    "ClientSecret", fallback=os.environ.get("OIDC_CLIENT_SECRET"))
token_url = config["OIDC"].get(
    "TokenURL", fallback=os.environ.get("OIDC_TOKEN_URL"))
authorize_url = config["OIDC"].get(
    "AuthorizeURL", fallback=os.environ.get("OIDC_AUTHORIZE_URL"))
jwks_url = config["OIDC"].get(
    "JWKSURL", fallback=os.environ.get("OIDC_JWKS_URL"))

oauth.register(
    name='oidc',
    client_id=client_id,
    client_secret=client_secret,
    access_token_url=token_url,
    authorize_url=authorize_url,
    jwks_uri=jwks_url,
    client_kwargs={
        'scope': config["OIDC"].get("Scope", fallback="openid profile email"),
        'token_endpoint_auth_method': 'client_secret_basic',
        'token_placement': 'header'
    },
)

# Define a route for the "home page"
# This will redirect to the OIDC provider's login page


@app.route('/')
def home():
    redirect_uri = url_for('oidc_callback', _external=True)
    return oauth.oidc.authorize_redirect(redirect_uri)

# Define a route for the OIDC provider's callback URL
# This will be called after the user has logged in
# It will then create a Plesk session for the user and redirect to the Plesk login page


@app.route('/oidc/callback')
def oidc_callback():
    # Get user information from OIDC provider
    token = oauth.oidc.authorize_access_token()
    user_info = token["userinfo"]

    # Display user's preferred_username
    username = user_info.get('preferred_username')

    # Get the user's IP address
    # This needs to be the IP address the Plesk server sees

    # Check if "SourceIP" is set in config

    source_ip = config["OIDC"].get("SourceIP", fallback="auto")

    # If "SourceIP" is set to "auto", get the IP address from the X-Forwarded-For header
    # If the header is not set, use the remote address as seen by Flask

    if source_ip == "auto":
        source_ip = request.headers.get("X-Forwarded-For", request.remote_addr)

    # If "SourceIP" is set to "public", get the plesklogin host's public IPv4 from ipify.org

    if source_ip == "public":
        source_ip = requests.get("https://api.ipify.org").text

    # Otherwise, just use the value of "SourceIP" as the IP address

    # Prepare a request to the Plesk API to create a session for the user

    xml_data = f"""
        <packet version="1.6.9.1">
            <server>
                <create_session>
                    <login>{username}</login>
                    <data>
                        <user_ip>{source_ip}</user_ip>
                        <source_server></source_server>
                    </data>
                </create_session>
            </server>
        </packet>
    """

    headers = {
        "Content-Type": "text/xml",
        "HTTP_PRETTY_PRINT": "TRUE",  # Hey, it's pretty!
    }

    # Add the username and password to the request headers

    plesk_login = config["PLESK"].get(
        "Username", fallback=os.environ.get("PLESK_USERNAME"))
    plesk_password = config["PLESK"].get(
        "Password", fallback=os.environ.get("PLESK_PASSWORD"))
    
    headers["HTTP_AUTH_LOGIN"] = plesk_login
    headers["HTTP_AUTH_PASSWD"] = plesk_password

    # If "VerifySSL" is set to "False" in the configuration, disable SSL verification

    verify = config["PLESK"].getboolean("VerifySSL", fallback=True)

    response = requests.post(
        f"https://{plesk_url}/enterprise/control/agent.php", headers=headers, data=xml_data, verify=verify)

    # Extract the session ID from the response XML or raise an exception if the request failed

    if response.status_code == 200:
        response_xml = response.content.decode()
        # Extract the session ID from the response XML
        session_id = response_xml.split("<id>")[1].split("</id>")[0]
    else:
        print("Error:", response.status_code, response.content.decode())
        raise Exception()

    # Redirect to the Plesk login page with the session ID

    return redirect(f"https://{plesk_url}/enterprise/rsession_init.php?PLESKSESSID={session_id}")


if __name__ == '__main__':
    app.run(debug=config["FLASK"].getboolean(
        "Debug", fallback=bool(os.environ.get("FLASK_DEBUG", False))))